1. Technical Field
The present invention relates generally to computer systems and more specifically to use of sandboxing techniques within computer systems. Still more particularly, the present invention relates to a method and system for extending sandboxing functionality to enable use of switchable skins at the base operating system level of computer systems.
2. Description of the Related Art
A computer-implemented method known as “sandboxing” has recently been developed to allow a software program to be executed within a controlled environment in which the program is prevented from accessing system-wide operations that could damage the computer system. Sandboxing generally refers to enforcing restrictions on a specific instruction or a sequence of instructions and provides a way of preventing direct physical corruption of data and applications on a computer system (or OS processes).
One sandboxing technique involves a computer system executing (i) a pre-defined prologue before all executions of a specific instruction (e.g., write instructions) and/or (ii) a pre-defined epilogue thereafter. To implement this sandboxing technique, an assembly language programmer adds code to an application program immediately before each write instruction to ensure that the instruction is not affecting “protected space.” With this technique, data enters a computer system, but the sandboxing code constrains the way in which the data can be used within the system environment. Should the data contain a Trojan horse or virus (i.e., malicious software), the malicious software has access only to the constrained environment and the data does not corrupt software applications (or system functions) outside that constrained environment, i.e., beyond the sandbox boundary. With current sandboxing techniques, a system is able to return to known states because sandboxing allows the separation of the changes from the base application and a return to the known state (i.e., the state just prior to implementing the sandbox to execute the particular code).
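The write-instruction prologue described above, written out as an added C example that is not part of the patent text or of any cited work; the sandbox region, the protected value standing in for base-application state, and the function names are constructed for illustration:

```c
#include <stdint.h>
#include <string.h>

/* Constructed example: a 4 KiB sandbox data region. Every write issued on
 * behalf of untrusted code must land wholly inside it; anything else counts
 * as "protected space" and is refused before the store executes. */
#define SANDBOX_SIZE 4096
static uint8_t sandbox_region[SANDBOX_SIZE];

/* Data outside the sandbox (stands in for the base application's state).
 * A correct prologue never lets a sandboxed write reach it. */
static uint32_t protected_value = 0xCAFEBABEu;

/* The prologue: the check inserted ahead of each write. Returns 1 only if
 * the whole byte range [addr, addr+len) lies inside the sandbox region. */
static int write_prologue_ok(const void *addr, size_t len)
{
    uintptr_t a  = (uintptr_t)addr;
    uintptr_t lo = (uintptr_t)sandbox_region;
    uintptr_t hi = lo + SANDBOX_SIZE;
    /* Overflow-safe: check the start first, then the remaining room. */
    if (len == 0 || a < lo || a >= hi || len > hi - a)
        return 0;
    return 1;
}

/* Guarded store: prologue check, the write itself, then an epilogue that
 * keeps a running count of bytes written. Returns -1 when refused. */
static int sandboxed_write(void *dst, const void *src, size_t len,
                           size_t *written_total)
{
    if (!write_prologue_ok(dst, len))
        return -1;             /* would touch protected space: refused */
    memcpy(dst, src, len);
    *written_total += len;     /* epilogue bookkeeping */
    return 0;
}

/* Three attempts: one inside the region (allowed), one that would overrun
 * the region's end (refused), one aimed at protected_value (refused).
 * Returns the number of refused writes. */
int demo_sandbox_writes(void)
{
    size_t total = 0;
    int refused = 0;
    const char msg[] = "hello";
    if (sandboxed_write(sandbox_region, msg, sizeof msg, &total) != 0) refused++;
    if (sandboxed_write(sandbox_region + SANDBOX_SIZE - 2, msg, sizeof msg, &total) != 0) refused++;
    if (sandboxed_write(&protected_value, msg, sizeof protected_value, &total) != 0) refused++;
    return refused;
}

int sandbox_protected_intact(void) { return protected_value == 0xCAFEBABEu; }
```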
The most common form of sandboxing is that provided for JAVA® applets, which are self-contained elements of software written in JAVA (a language developed and trademarked by Sun Microsystems) that can be executed on a wide variety of different types of computers. One example of a JAVA application that supports sandboxing is the “Java virtual machine” (a trademark of Sun Microsystems), which utilizes the technique so that untrusted applets (such as those downloaded from the Internet) can be executed in a constrained environment.
Current sandboxing techniques are limited to the application level, i.e., current sandboxing is limited to a particular application and applies to specific types of files or data (e.g., received email). Some file systems map individual drives on to each other in a nested configuration to achieve application-level sandboxing. Other technologies boot a system with an initial boot drive, and then switch to an alternate drive to perform sandboxing. While these implementations provide some level of post boot security, the sandboxing technique is still limited to a particular application and applies only to specific types of files or data.
A few general-purpose sandboxes have been built or proposed. For example, a research system named Janus is described in a paper entitled “Janus: An Approach for Confinement of Untrusted Applications”, David A. Wagner, UC Berkeley Computer Science Division, report CSD-99-1056, August 1999. This software utilizes security features within an operating system to separate software executing within the sandbox from other software executing on a computer system in the form of a main workstation desktop.
Further, United States Patent Application No. 20040139334 provides a sandbox application for receiving potentially harmful data and defining a sandbox desktop, characterized in that it also includes program code for encrypting potentially harmful data to render the data harmless and code for decrypting encrypted data for processing by an application constrained by the sandbox application. Important messages are not delayed awaiting expert inspection, but are instead made available to a system user in a constrained quarantine environment provided by a sandbox desktop.
Another recent development in the computer arts is the use of application-level “skins” to customize the interface of a particular application to a user's design. Skins are layers of visual and auditory interfaces that a user is able to place over an existing application to customize the user interface of the application. For example, the Winamp application (found at Internet site “www.winamp.com”) and music jukebox applications (found at Internet site “www.musicmatch.com”) provide a “change skin” feature that enables the user to change the visual representation of the application by placing a skin of data above the existing application. This skin of data is local-level data, which may be discarded. Use of the skin offers protection to the underlying application code since the changes occur only within the skin and no changes/corruption occurs to the specific application data within the underlying application code.
Use of both sandboxing and/or skins, however, occurs at the application level. Also, sandboxing techniques predominantly find their application in the area of test environments that discard newly generated data after a test run. Neither sandboxing nor the use of skins has been applied to more generalized use such as providing protection beyond a single application and supporting a comprehensive system-wide skin overlay (versus an application-level skin) covering the base system and/or entire operating system space.
The present invention thus recognizes that it would be desirable to provide system-level sandboxing functionality via a system-wide skin overlay of the entire base operating system rather than just an application-specific skin (or application-level sandboxing) so that no leakage in the protection of the base system occurs, as is possible when implementing sandboxing for select application(s). The invention further recognizes the desirability of being able to provide removable/portable skins and multiple levels of these system-wide skins. Enabling a user to customize an entire computer system with one or more portable operating system-wide skins that are installable over any computer system would be an advantageous improvement. Finally, it would be further desirable to have hardware support for adding skins directly to the hard drives of a computer system and autonomically implementing sandboxing protections based on a detected hardware configuration. These and other benefits are provided by the invention described herein.